Variations of this warning show up many times in the Postfix logs:

warning: hostname 107-174-39-133-host.colocrossing.com does not resolve
     to address 107.174.39.133: Name or service not known

I'd like to know what this warning actually means.

Specifically, is it a forward or reverse DNS check that's failing? Is it using A, MX or PTR records? Is the failure caused by the remote mail server using cloudflare.com? Or is Postfix catching a spammer impersonating a server that isn't theirs?

Here's a live example of dig queries:

dig -x 107.174.39.133

;; ANSWER SECTION:
133.39.174.107.in-addr.arpa. 300 IN PTR 107-174-39-133-host.colocrossing.com.


dig 107-174-39-133-host.colocrossing.com

;; AUTHORITY SECTION:
colocrossing.com.   355 IN  SOA brad.ns.cloudflare.com. dns.cloudflare.com. 2324254619 10000 2400 604800 1800

The reverse lookup PTR matches the domain to the IP address, but the forward lookup doesn't return an IP address.

I'd like to know if this is spam or a Postfix misconfiguration?

Please note: I already have smtp_host_lookup = native set, and the server's real IP address set in /etc/hosts:

127.0.0.1       localhost
xx.xx.xx.xx     domain.com
xx:xx::xx:xx:xx:xx   domain.com

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

1 Answer

You are using forward-confirmed reverse DNS (FCrDNS) and

warning: hostname 107-174-39-133-host.colocrossing.com does not resolve
     to address 107.174.39.133: Name or service not known

is telling you that the hostname 107-174-39-133-host.colocrossing.com from PTR lookup has no A record at all. The hostname needs to resolve to the original IP address via its A record.

I'd like to know if this is spam or a Postfix misconfiguration?

This is what seems to be configured. Checking a PTR record alone allows any host with a faked reverse DNS name to circumvent various security settings on your server. You can require FCrDNS (which is a good idea generally) and either reject misconfigured hosts outright (with possible, manual whitelisting), or you accept the connection and deal with potential spam later.

  • So this is likely spam then? I was concerned that the cloudflare.com setup may cause the DNS check to fail and create a false-positive. Nov 30 at 18:15
  • We can't tell you that. However, 107.174.39.133 is listed on Spamhaus and SORBS DNSBLs.
    – Zac67
    Nov 30 at 18:54
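
The FCrDNS check described in the answer, as an added example that is not part of the original answer and is not Postfix's own code. The function names, the verdict strings and the sample lookup tables are assumptions made for illustration; only the IP address and PTR name for the first sample entry come from the question's `dig` output.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns a set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, hostname): no-ptr, no-forward, mismatch or confirmed."""
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return "no-ptr", None
    name = name.rstrip(".").lower()
    # Parse addresses so that different spellings of one IPv6 address compare equal.
    addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(name)}
    if not addrs:
        return "no-forward", name  # the case in the question: PTR exists, no A record
    # The PTR owner controls the name; only the forward zone can confirm it.
    return ("confirmed" if client in addrs else "mismatch"), name

# Constructed sample data so the example runs offline.
SAMPLE_PTR = {
    "107.174.39.133": "107-174-39-133-host.colocrossing.com.",  # from the question
    "192.0.2.10": "mail.example.org.",  # constructed: PTR claims someone else's name
    "192.0.2.25": "mx.example.net.",    # constructed: correctly configured host
}
SAMPLE_FORWARD = {
    "mail.example.org": {"198.51.100.7"},
    "mx.example.net": {"192.0.2.25", "2001:db8::25"},
}

def sample_verdict(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FORWARD.get(n, set()))

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, *sample_verdict(ip))
```

Calling `fcrdns(ip)` with no resolver arguments performs the same check against live DNS through the system resolver.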
